Date: Wed, 11 Jul 2012 17:55:25 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: ./john --show for formats with FMT_NOT_EXACT flag set

On Wed, Jul 11, 2012 at 01:56:02PM +0200, Frank Dittrich wrote:
> BTW: why does CRC32 have the FMT_NOT_EXACT flag set?
> IMHO, this flag should indicate that the implementation used a shortcut,
> e.g., for performance reasons, and could produce false positives.
> A hash collision (as with CRC32) is different.
> If you found a password for that hash, it is valid, no matter how many
> other passwords there may be for the same hash.
>
> The only reason to keep this flag set for CRC32 is if you do have other
> hashes for slower salted formats, and you assume that the passwords used
> for those other hashes are similar to the passwords used for CRC32.
> In this case it makes sense to find as many valid passwords as possible
> for CRC32, because you want to use those passwords as candidates for the
> slower formats...

I think that's not the only reason. Another reason would be to find a
prettier looking or easier to remember password. I recall that BIOS
password crackers outputted multiple valid passwords for that reason.

Alexander
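The point in the thread above, as an added example that is not part of the original message or of John the Ripper's code: a CRC32 hash can have several equally valid passwords, and collecting all of them matters when the same password also protects a slower salted hash. The word list, salt, `crack` helper and the PBKDF2 stand-in for the slow format are constructed for illustration; zlib's CRC-32 is assumed as the CRC variant.

```python
import hashlib
import zlib

# Constructed word list. "plumless" and "buckeroo" are a well-known pair of
# English words that share the same zlib CRC-32 value.
WORDLIST = ["password", "plumless", "letmein", "buckeroo", "gnu"]


def crc32_hex(word):
    """Fast, unsalted hash: zlib CRC-32 as 8 hex digits."""
    return format(zlib.crc32(word.encode()) & 0xFFFFFFFF, "08x")


def slow_salted(word, salt):
    """Stand-in for a slower salted format (assumption: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 10_000).hex()


def crack(target, hash_fn, candidates, keep_going):
    """Return the candidates whose hash equals target.

    keep_going=False stops at the first hit; keep_going=True reports every
    match, which is the behaviour the thread discusses for CRC32.
    """
    hits = []
    for word in candidates:
        if hash_fn(word) == target:
            hits.append(word)
            if not keep_going:
                break
    return hits


# Constructed scenario: one real password stored under both formats.
REAL = "buckeroo"
SALT = b"constructed-salt"
crc_target = crc32_hex(REAL)
slow_target = slow_salted(REAL, SALT)

first_only = crack(crc_target, crc32_hex, WORDLIST, keep_going=False)
all_valid = crack(crc_target, crc32_hex, WORDLIST, keep_going=True)
# Only the CRC32 matches are tried against the expensive format.
reused = crack(slow_target, lambda w: slow_salted(w, SALT), all_valid, True)

if __name__ == "__main__":
    print("first hit only :", first_only)
    print("all CRC32 hits :", all_valid)
    print("valid for slow :", reused)
```

Stopping at the first hit yields a password that is valid for the CRC32 hash but not for the salted one, which is why the full list of matches is the useful output here.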